diff --git a/server/ocsp.go b/server/ocsp.go
index ca49fe7f..72ddfdbb 100644
--- a/server/ocsp.go
+++ b/server/ocsp.go
@@ -334,6 +334,16 @@ func (srv *Server) NewOCSPMonitor(config *tlsConfigKind) (*tls.Config, *OCSPMoni
 // NOTE: Currently OCSP Stapling is enabled only for the first certificate found.
 var mon *OCSPMonitor
 for _, cert := range tc.Certificates {
+ if cert.Leaf == nil {
+ if len(cert.Certificate) <= 0 {
+ return nil, nil, fmt.Errorf("no certificate found")
+ }
+ var err error
+ cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
+ if err != nil {
+ return nil, nil, fmt.Errorf("error parsing certificate: %v", err)
+ }
+ }
 var shutdownOnRevoke bool
 mustStaple := hasOCSPStatusRequest(cert.Leaf)
 if oc != nil {
diff --git a/test/ocsp_test.go b/test/ocsp_test.go
index b042b1a4..53ecd1a1 100644
--- a/test/ocsp_test.go
+++ b/test/ocsp_test.go
@@ -2438,3 +2438,17 @@ func getOCSPStatus(s tls.ConnectionState) (*ocsp.Response, error) {
 }
 return resp, nil
 }
+
+func TestOCSPManualConfig(t *testing.T) {
+ o := DefaultTestOptions
+ o.HTTPHost = "127.0.0.1"
+ o.HTTPSPort = -1
+ o.TLSConfig = &tls.Config{ServerName: "localhost"}
+ cert, err := tls.LoadX509KeyPair("configs/certs/server-cert.pem", "configs/certs/server-key.pem")
+ if err != nil {
+ t.Fatalf("Got error reading certificates: %s", err)
+ }
+ o.TLSConfig.Certificates = []tls.Certificate{cert}
+ s := RunServer(&o)
+ s.Shutdown()
+}
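Review bot: The parsed leaf is stored only on the loop copy, because `cert` is the range value of `tc.Certificates`, so `tc.Certificates[i].Leaf` stays nil after this block and any later consumer of the slice (the returned `tls.Config`, or code further down NewOCSPMonitor, whose body continues past the hunk) still sees an unparsed leaf. If that matters, iterate by index and write the result back, e.g. `for i, cert := range tc.Certificates {` with `tc.Certificates[i].Leaf = cert.Leaf` right after the parse succeeds. The `fmt.Errorf("error parsing certificate: %v", err)` line should wrap with `%w` so callers can `errors.As` into the underlying x509 error, and `len(cert.Certificate) <= 0` reads more naturally as `== 0` since a length is never negative. Note also that from Go 1.23 `tls.LoadX509KeyPair`/`X509KeyPair` populate `Leaf` themselves, so this branch mainly serves callers that assemble a `tls.Certificate` by hand; a one-line comment saying so would help the next reader.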
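Review bot: The test does not actually exercise the new nil-Leaf path: it starts a server and shuts it down without asserting that OCSP monitoring was set up or that the leaf was parsed, and since Go 1.23 `tls.LoadX509KeyPair` populates `Certificate.Leaf` itself, so on a current toolchain the `cert.Leaf == nil` branch in NewOCSPMonitor is likely never entered. Force the path explicitly after loading, `cert.Leaf = nil // exercise the lazy-parse branch regardless of Go version`, so the test keeps covering the server change. It would also be worth asserting something observable on the running server (that `s` is non-nil before `Shutdown`, or that the configured certificate's leaf is populated if the test helpers expose it), and confirming that `RunServer` fails the test rather than panicking when `NewOCSPMonitor` returns an error; that helper is not visible from here.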